Acme Automation - free SSL certificate application and automatic renewal

At first, I made an automatic renewal , Tested it , I originally thought of writing this article after seeing the effect for a period of time , But it is valid for three months , I've been waiting for more than a month now , The free certificate applied for by my own website has expired , This test will be automatically renewed for more than a month , It is said that it will be automatically renewed only after one month , So do it again , By the way , When it's time to renew, we'll update the results

The old rule is to go to the website first ,freessl

One 、 Configure get deployment command

Click on ACME automation

Click Add

Enter your own domain name , Support for wildcards , And then click next

To configure cname analysis , Point after completion ” Configuration complete , Detect immediately “

After that, the deployment order will be given

Two 、 Use ACME Apply for a certificate

Refer to ”ACME Get started with automation “
install acme, Back [email protected] Change to your own mailbox

curl https://get.acme.sh | sh -s [email protected]

If the above official download address fails perhaps Too slow , You can choose a domestic alternate address

curl https://gitcode.net/cert/cn-acme.sh/-/raw/master/install.sh?inline=false | sh -s [email protected]

And then in root Under the table of contents ls -a You can see that there is a .acme.sh Folder , After entering, there is a account.conf The configuration file , There is the mailbox filled in during the previous installation , I don't know what's the use , It is estimated that you will be notified of something at that time

3、 ... and 、 To configure dns analysis api

You need to configure it before using dns analysis api, It should be convenient to renew later , I use the domain name of Tencent cloud and dns analysis , That is to say dnspod, For each configuration, please refer to How to use DNS API
If it is dnspod, Click on the top right picture , And then click API secret key

choice DNSPod Token

Create a key

Get ID and token, preserved

Then go back to the key just obtained by the server configuration

export DP_Id=" secret key ID"
export DP_Key=" secret key token"

Four 、 Apply for a certificate

Get the deployment order just given acme.sh Deployment command , Just input it directly
Wait a lot 15 Seconds later, the application was successful

5、 ... and 、 Use

Look at the certificate location above. The first one is the certificate location , The second is the certificate key location


You can use it directly , I use the pagoda panel here , So directly configure ssl That's it , Although it is necessary to write pem Format , But above cer It can also be used directly

Remaining after saving 90 The day is due , It's reasonable to use this acme here we are 30 It will be automatically renewed within days

6、 ... and 、 Report errors

The process reported two errors

1. Error reporting scenario ： Installed acme Then directly use the provided acme.sh The deployment command application certificate reports an error , There is no reconnection server and no configuration dns analysis api
   terms of settlement ： Just reconnect the server directly , No configuration dns analysis api, So it may have nothing to do with this
   Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
   Sign failed, finalize code is not 200.
   Please add ‘–debug’ or ‘–log’ to check more details.
   See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
   
2. Error reporting scenario ： Use on the same day B The server applied for this domain name in advance , Think about getting familiar with it and then A Server application , Then write a tutorial , The result is B The server has applied , use A The server application reported this error , This is true for several times
   terms of settlement ： Try again later B The server application also reported this error , So it should not be a server or acme The problem of , There is no solution on the Internet , Guess it's a duplicate application , Then apply again the next day ..
   Create new order error. Le_OrderFinalize not found. {
   “type”: “urn:ietf:params:acme:error:serverInternal”,
   “detail”: “Trace-ID: fc5f48b2-15c3-4754-bd82-5c08215a47cb, Server internal error”,
   “status”: 500
   }